Friday, April 18, 2008

Massive SEO poisoning

The story started with this blog post.
A guy in the organization I work for, who can be noisy at times, happens to be a subscriber of the feed and brought this to our attention.
I am the webmaster there, officially titled as such. So I have to do, or at least say, something when things are brought up this way.

I read the post; it was hard to understand. Frankly, I still do not know if I got the full idea.
SEO (I did not know the abbreviation) seemingly stands for Search Engine Optimization. In short, in this context, it points to the fact that search engines give a higher ranking to pages from “high profile sites”.

Then, IFRAME injection (I did not know that this was getting that popular either) basically means injecting malicious content using the well-known XSS (Cross Site Scripting) vulnerability.

So I said to the guy that for our site, the XSS was looked into, so we are safe. In reality, you cannot really be safe. But sometimes you need to be diplomatic, bureaucratic…

The one thing I still do not really get is how, then, those injected URLs get indexed by Google.
According to some posts I found on the net, those malicious guys publish millions of pages tagged with keywords, where they have links to those injected URLs. The Google robot comes and is tricked into thinking that the injected URLs are mentioned in many places for those keywords. It indexes them with a high ranking because they are from a “high profile site”.
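
An added example, not part of the original post: one way a webmaster could check whether URLs of this kind are reaching a site, by scanning access-log lines for query parameters that decode to IFRAME or script markup and noting which requests came from a crawler. The combined log format, the `/search?q=` parameter and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Markup that has no business appearing inside a query-string value.
SUSPICIOUS = re.compile(r"<\s*(iframe|script)\b", re.IGNORECASE)
# Request part of a common/combined log line: "GET /path?query HTTP/1.1"
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
CRAWLER = re.compile(r"Googlebot", re.IGNORECASE)


def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding (e.g. %253C -> %3C -> <)."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_injected_requests(log_lines):
    """Return (parameter, decoded value, fetched_by_crawler) for each hit."""
    hits = []
    for line in log_lines:
        match = REQUEST.search(line)
        if not match:
            continue
        query = urlsplit(match.group(1)).query
        # parse_qsl decodes once; fully_decode handles double encoding.
        for name, value in parse_qsl(query, keep_blank_values=True):
            decoded = fully_decode(value)
            if SUSPICIOUS.search(decoded):
                hits.append((name, decoded, bool(CRAWLER.search(line))))
    return hits


# Constructed sample lines (not real traffic); example.invalid is a placeholder.
SAMPLE_LOG = [
    '192.0.2.10 - - [18/Apr/2008:10:00:00 +0000] "GET /search?q=annual+report HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [18/Apr/2008:10:02:13 +0000] "GET /search?q=cheap+tickets%3Ciframe%20src%3D%2F%2Fexample.invalid%2F%3E HTTP/1.1" 200 5300 "-" "Mozilla/5.0 (compatible; Googlebot/2.1)"',
    '192.0.2.45 - - [18/Apr/2008:10:03:40 +0000] "GET /search?q=%253CIFRAME%2520src%253Dx%253E HTTP/1.1" 200 5290 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for name, value, crawler in find_injected_requests(SAMPLE_LOG):
        print(f"param={name!r} crawler={crawler} value={value!r}")
```

A hit that was fetched by a crawler with a 200 response is the case worth checking first, since that is the request that can end up in a search index under the site's own name.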
